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REMARKS 

In sections 3, 4 and 5 of the Office Action, the Examiner rejected claims 2-9 
and 11 on the basis that the specification does not disclose a firewall device 
which comprises, in addition to the firewall itself, a wireless communication 
device. It is arguable what can be included under the term "firewall device" and 
what the term "wireless communication device" means. However, it is clear that 
the specification teaches in Figure 3 an interface module 210 inside the firewall 
device 222 and that this interface module is taught as having the function to 
establish data communications between the firewall module 220 and the wireless 
device 200 via a collocated wireless data terminal (transceiver) and the wireless 
network 202. Note that the wireless data terminal 208 is shown as coupled to the 
firewall 108 in Figures 2A and 2B and that the specification teaches the firewall 
108 being coupled to the wireless device 200 via the wireless data terminal 208 in 
all embodiments. Thus, while the wireless data terminal 208 is shown outside 
the firewall in the drawings, a critical component of the wireless interface, module 
210 is taught as inside the firewall. Further, Claim 11 has been amended to 
specify a "wireless communication interface module" which is part of the firewall 
device and which provides a limited management interface for a wireless remote 
device. 

In general, a firewall may be embodied , for example, in a computer 
programmed to execute the network security application of the firewall, while the 
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computer is also provided with a wireless modem in the form of a wireless 
modem circuit board inserted into the computer, or in the form of other kinds of 
modem modules. 

The applicant has chosen to amend the claims to use the term "network 
management equipment" with the intent of using this term to refer to the 
equipment comprising a firewall device and a wireless modem co-located at the 
same site. The co-location of the firewall and the wireless communication device 
connected to the firewall is evident from the examples given in the specification. 
For example, page 8, lines 9 to 22 illustrate that the connection between the 
wireless data device and the firewall may be for example a serial cable (RS232). 
As another example, the specification describes that the firewall may command 
the wireless data modem 208 using AT commands which are well known 
commands for controlling modems. 

Thus, it is fair to say from the teachings of the specification, that the 
equipment defined in amended claim 11 refers to a single firewall apparatus or 
equipment at a single site. 

Claim 1 1 has also been amended to more clearly recite that the network 
security application is that of the firewall device, and that the firewall device 
comprises a wireless communication interface module configured to provide for a 
remote wireless device a limited management user interface. The limited 
management user interface is for conducting a limited number of management 
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operations of the full management user interface for the network security 
application of the firewall device over a wireless remote connection established via 
a said co-located wireless communication device connected to said wireless 
communication interface module. 

Claim 1 1 has also been amended to define that the firewall device is 
connectable between a first network and a second network, and that the network 
security application of the firewall device monitors traffic passing between the first 
network and the second network. 

Win et al. fails to teach a network management equipment comprising a 
wireless communication device and a firewall device as defined in claim 11. 

As noted previously, Win discloses a method for secure user access to 
authorized web resources, based upon the user's role in the organization that 
controls the web resources. The information is maintained in a protected server 
and the access is provided by an access server. The access server 106 is 
connected by a secure communication link to a registry server 108 which 
manages access to administrative information about user resources and roles of 
the user. In other words, Win teaches to manage user information via an access 
server and a registry server. Win et al. does not relate to management of a firewall. 

The Examiner refers to column 21, lines 50-58 in Win as disclosing a 
firewall. However, Figure 8 in Win discloses the firewalls 802 and 804 arranged to 
protect the access server and the registry server, i.e., the servers which control the 



KOL-025 Amend 9_06 



10 



PATENT 

access to the protected information and which are managed by the management 
interface in the system according to Win. 

Win fails to teach that a firewall is provided with a security application, or 
with any management user interface which comprises mechanisms for 
conducting management operation for the network security application of the 
firewall over a secure data connection. Win also fails to teach a wireless 
communication interface module configured to provide for a remote wireless 
device a limited managment user interface for conducting a limited number of 
management operations of the full management user interface for the network 
security application of the firewall device. 

Win further fails to teach that the wireless communication interface module 
of a firewall device is connected to a co-located wireless communication device 
through which the wireless remote connection is established. 

Moreover, Win fails to teach a limited management user interface. On the 
contrary, Win discloses only a full management user interface, namely an 
administrative application incorporated in an administrator work station 700 
shown in Figure 7. 

In item 8 of the office action, the Examiner rejects claim 1 1 as unpatentable 
over Win in view of newly cited document, U.S. patent 6,496,927 (McGrane et al.) 
The Examiner alleges that the McGrane reference discloses maintaining a limited 
user interface within a managed device, such as a firewall. McGrane discloses an 
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arrangement for controlling domestic entertainment electronics by a control unit 
which is operationally coupled to each of the devices to be controlled. A hand-held 
remote controller is used to present a user interface to the user. In response to 
inpu from the user, the remote sends infrared signals to the control unit, which 
responds to these IR signals by sending commands to the controlled devices. 
The control unit and the hand-held remote controller may be programmed by 
means of a personal computer. 

McGrane has absolutely nothing to do with security management of data 
communication networks. 
The Law of Obviousness 

Suggestion is based on liklihood of success in solving the problem the 
inventors solved by making the combination or modification suggested by the 
Examiner. This question entails examination of the problems addressed by the 
prior art, and what functions are performed by elements taken from prior art 
references, their purpose, the environment in which they operate and how they 
interact with other elements. Technological incompatibility can arise out of a 
mismatch between any of these factors and the need or problem being addressed 
by the inventor. 

The question underlying the issue of whether or not suggestion exists is 
this: Is there a reasonable likelihood of success in making the substitution or 
modification to the prior art needed to make the invention. Obviousness cannot be 
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established by combining the teachings of the prior art to produce the claimed 
invention absent some teaching, suggestion or incentive to do so. In re Bond. 910 
F.2d 831, 834, 15 USPQ2d 1566, 1568 (Fed. Cir. 1990). Suggestion arises from 
one of ordinary skill in the art perceiving a likelihood of success in solving the 
problem the inventors solved by making the combination. In other words, the 
consistent criterion for determination of obviousness is whether the prior art would 
have suggested to one of ordinary skill in the art that this process should be 
carried out and would have a reasonable likelihood of success, viewed in the light 
of the prior art. See Burlington Industries v. Quiaa . 822 F.2d 1581, 1583, 3 USPQ2d 
1436, 1438 (Fed.Cir.1987): In re Hedces . 783 F.2d 1038, 1041, 228 USPQ 685, 
687 (Fed.Cir.1986). 

In deciding these question, one must examine the totality of the 
circumstances includes the problem addressed by the invention, the advantages, 
characteristics or properties the invention has etc. as well as all the other factors 
identified herein. 

One of the big questions in deciding on the existence or non existence of 
obviousness is was all the knowledge needed to make the claimed invention 
present in the prior art. Where the prior art of a combination of references cited in 
support of an obviousness rejection does not teach an element needed to solve 
the problem the claimed invention solved, the obviousness argument must fail, in 
re Haves Microcomputer Products, Inc. . 982 F.2d 1527, 1541, 25 USPQ2d 1241 
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(Fed. Cir. 1992) [failure of prior art to teach a claimed method of detecting escape 
sequences in modems doomed obviousness invalidity argument of infringer even 
though escape sequences themselves were admittedly in the prior art]. 

Here, the prior art references applied by the Examiner do not teach a 
wireless device and process to manage security in a data communication network 
via a limited managment inteface provided wirelessly and controlled by the 
wireless device. 

An important subsidiary question to the question of did the prior art teach all 
the knowledge necessary to make the invention is were the elements from the 
prior art which the Examiner combined in the claimed combination used in the 
prior art for the same purpose or do the same work as they do in the claimed 
combination? Rvcov. Ao Baa . 857 F.2d 1418, 8 USPQ2d 1323 (Fed.Cir. 1988). 

Here, the wireless IR interface of McGrane is not used for controlling 
security in a data communication network and there is no firewall security 
application which has some of its management operations available through the 
wireless interface. Therefore, the teaching of a wireless interface in the prior art is 
not of the same structure nor for the same purpose as the wireless interface is 
used in the claimed invention. Thus, it is not fair to say that the prior art contains 
all the knowledge needed to make the invention used for the same purpose in the 
prior art as it is used in the claimed combination. To ascribe functionality to the 
prior art in the way that the Examiner has done here when the prior art does not 
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teach such functionality is hindsight reconstruction and negates obviousness. 

Given these teachings of the prior art, there would have been no motivation 
to apply teachings of McGrane, which relates to domestic entertainment 
electronics, to the system of Win et a!., which relates to managment of access to 
web resources. 

Moreover, McGrane teaches away from the present invention by teaching 
that all devices should be managed through a single centralized unit and control 
interface. 

Based upon the above arguments, claim 1 1 is not obvious from the 
combination of Win et al. in view of McGrane. 

Claims 2-9 are dependent on claim 1 1 , and therefore are also patentable. 

In section 7 of the Office Action, claims 12-13 are rejected as being 
anticipated by U.S. patent 6,640,097 (Corrigan et al.). In response to this rejection, 
claims 12 and 13 are cancelled. 

A new claim 14 has been added which places the full management 
interface in a computer which is coupled to the firewall device and specifies a 
wireless data terminal collocated with the firewall that communicates with a 
remote wireless device to implement the limited management interface. The 
limited management interface inside the firewall is implemented in a wireless 
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communication interface module which communicates with the wireless data 
terminal. 
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